Hijack
Germany warns of Signal account hijacking targeting senior figures
Germany’s domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal. The attacks combine social engineering with legitimate features to steal data from politicians, military officers, diplomats, and investigative journalists in Germany and across Europe. The security advisory is based on intelligence collected by the Federal […]
Hackers compromise NGINX servers to redirect user traffic
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker’s backend infrastructure. NGINX is open-source software for web traffic management. It intermediates connections between users and servers and is employed for web serving, load balancing, caching, and reverse proxying. The malicious campaign, discovered by researchers at […]
Notepad++ update feature hijacked by Chinese state hackers for months
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. The attackers intercepted and selectively redirected update requests from certain users to malicious servers, serving tampered update manifests by exploiting a security gap in the Notepad++ update […]
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability. Cybersecurity company watchTowr reported the security flaw to developer SmarterTools on January 8, which released a fix on January 15 without assigning an identifier. The vulnerability was later assigned CVE-2026-23760 and rated critical severity, as […]
WhatsApp device linking abused in account hijacking attacks
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. This type of attack does not require any authentication, as the victim is tricked into linking the attacker’s browser to a WhatsApp device. By doing so, threat actors gain access to the full conversation history and […]
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed ‘GhostPoster’ is hiding JavaScript code in the image logo of malicious Firefox extensions with more than 50,000 downloads, to monitor browser activity and plant a backdoor. The malicious code grants operators persistent high-privilege access to the browser, enabling them to hijack affiliate links, inject tracking code, and commit click and ad fraud. […]
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer’s account in a phishing attack. Josh Junon (qix), the package maintainer whose accounts were hijacked in this supply-chain attack, confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email […]
Silk Typhoon hackers hijack network captive portals in diplomat attacks
State-sponsored hackers linked to the Silk Typhoon activity cluster targeted diplomats by hijacking web traffic to redirect to a malware-serving website. The hackers used an advanced adversary-in-the-middle (AitM) technique to hijack the captive portal of the network and send the target to the first-stage malware. Google Threat Intelligence Group (GTIG) tracks the threat actor as UNC6384 and, based […]
PyPI now blocks domain resurrection attacks used for hijacking accounts
The Python Package Index (PyPI) has introduced new protections against domain resurrection attacks that enable hijacking accounts through password resets. PyPI is the official repository for open-source Python packages. It is used by software developers, product maintainers, and companies working with Python libraries, tools, and frameworks. Accounts of project maintainers publishing software on PyPI are […]
Over 1,000 CrushFTP servers exposed to ongoing hijack attacks
Over 1,000 CrushFTP instances currently exposed online are vulnerable to hijack attacks that exploit a critical security bug, providing admin access to the web interface. The security vulnerability (CVE-2025-54309) is due to mishandled AS2 validation and impacts all CrushFTP versions below 10.8.5 and 11.3.4_23. The vendor tagged the flaw as actively exploited in the wild on July 19th, noting that […]